Moderate: openstack-neutron security, bug fix, and enhancement update

Details

Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking.

A flaw was found in the way OpenStack Networking performed authorization checks on created ports. An authenticated user could potentially use this flaw to create ports on a router belonging to a different tenant, allowing unauthorized access to the network of other tenants. Note that only OpenStack Networking setups using plug-ins that rely on the l3-agent were affected. (CVE-2014-0056)

It was discovered that the default sudo configuration provided in OpenStack Networking, which is specific to the openstack-neutron package shipped by Red Hat, did not correctly specify a configuration file for rootwrap, potentially allowing an unauthenticated user to escalate their privileges. (CVE-2013-6433)

Red Hat would like to thank the OpenStack project for reporting CVE-2014-0056. Upstream acknowledges Aaron Rosen from VMware as the original reporter of CVE-2014-0056. The CVE-2013-6433 issue was discovered by Kashyap Chamarthy of Red Hat.

This update also fixes several bugs and adds enhancements. Documentation for these changes is available in the Technical Notes document linked to in the References section.

All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.